We own Malwarebytes Anti-Malware. We had a trial of Anti-Exploit for a few weeks and I disabled it about a month ago because we were not going to use it and were unable to exclude some programs we need to exclude. Out of the blue I started getting some users that were getting blocked by Anti-Exploit even though it was not licensed any more. I was told to remove the lic. It was grayed out. Weeks went by and a few users started getting blocked on an internal Java program we use. Could the dats have changed to start blocking something that was not previously blocked? If it is not licensed and grayed out, how is it that Anti-Exploit can block programs? They sent me screenshots of the blocks.

 

We would click stop protection and hide the icon on the users who called it, but they should not have Anti-Exploit on their PC.

 

Thanks

Vin


Hello and :welcome:

We would need more info on the system and also please provide the screen shots you have....

Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs

(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Thank You,

Firefox


Basically, what happened: months ago we had a trial for MB and Anti-Exploit. Anti-Exploit was not working well in our environment because we could not white-list things we needed to. I removed the LIC and we were working fine for weeks. Then out of the blue some users started getting Anti-Exploit even though it was grayed out in the MB console, and getting the attached warning. Attached are the requested log files from a PC that had the Anti-Exploit after the LIC was removed and it was grayed out.

 

thanks

Vincent Lobaccaro

 

 

 

 

mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Limited User
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0 
mbam-check result log version: 2.1.1.1001
 
Malwarebytes Version: REG_SZ 1.75.0.1300
 
Malwarebytes Programbuild: REG_SZ mee
 
Date Log Created: 09/30/14
Time Log Created: 18:34:00
 
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Users\Sujit\AppData\Local\Pershing\NetX360\NetX360.exeREG_SZ DISABLEUSERCALLBACKEXCEPTION
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25928     BYTES FileVersion: 1.60.2.0 MD5: [33410befe0e622130b7ae3d65cdcfcb2]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070152   BYTES FileVersion: 6.1.98.34 MD5: [e52859fcb7a827cacfce7963184c7d24]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
advancedheuristics            REG_DWORD 1
downloadprogram               REG_DWORD 0
hidereg                       REG_DWORD 0
detectp2p                     REG_DWORD 0
detectpum                     REG_DWORD 1
detectpup                     REG_DWORD 2
updatewarn                    REG_DWORD 1
updatewarndays                REG_DWORD 2
useproxy                      REG_DWORD 0
useauthentication             REG_DWORD 0
contextmenu                   REG_DWORD 1
reportthreats                 REG_DWORD 1
startwithwindows              REG_DWORD 0 <--MBAM IS NOT SET TO START WITH WINDOWS
startfsdisabled               REG_DWORD 1 <--START FILE EXECUTION BLOCKING WHEN PROTECTION MODULE STARTS IS DISABLED
startipdisabled               REG_DWORD 1 <--MBAM IP BLOCKING IS DISABLED ON WINDOWS STARTUP
silentipmode                  REG_DWORD 1 <--MBAM SILENT IP MODE IS ENABLED
autoquarantine                REG_DWORD 1
notifyinstallprogram          REG_DWORD 0
trialpromptshown              REG_DWORD 0
autoquarantinenotify          REG_DWORD 1
alwaysscanarchives            REG_DWORD 1
InstallPath                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
dbdate                        REG_SZ Tue, 30 Sep 2014 22:04:44 GMT
dbversion                     REG_SZ v2014.09.30.10
programversion                REG_SZ 1.75.0.1300
programbuild                  REG_SZ mee
corporate                     REG_DWORD 1
ID                            XXXXX This is hidden data.
Key                           XXXX-XXXX-XXXX-XXXX This is hidden data.
terminateie                   REG_DWORD 1
fullsilentmode                REG_DWORD 1
autosavelog                   REG_DWORD 1
limitedusermode               REG_DWORD 0
disableipblocking             REG_DWORD 1
delayguistart                 REG_DWORD 60
openlog                       REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
SchedulerQueue                REG_MULTI_SZ 110108676, 30399570, 1037537280, 1, 0 | 0, 0
 
 
 
 
Scheduler Queue:
================
 
Scheduled Item: Scan Schedule Options: Quick Scan | Daily | Scan Terminate | Scan Log | Silent
Start Time: 2014-90-30 20:00 Repeating Every: 1 Recover if missed by: 0
 
 
Last Ran: 1601-1-1-1 0:0:0
 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
 
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
 
MBAM DLL's and Runtime Files:
=============================
 
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
(Default):                    REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
(Default):                    REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
 
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
(Default):                    REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
(Default):                    REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
(Default):                    REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 
 
 
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
 
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
 
MBAM Registry Settings and License Info (part 2):
==================================================
 
 
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
Language                      REG_SZ english.lng
selectedrives                 REG_SZ C:\|
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
Language                      REG_SZ english.lng
selectedrives                 REG_SZ C:\|
 
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
 
 
List of MBAM Related Directories:
=================================
 
===============================================================
END OF FILE

Addition.txt

FRST.txt


Edited by AdvancedSetup
phone number removed


Can you please post the MBAE logs?

Simply zip or rar the entire contents of C:\ProgramData\Malwarebytes Anti-Exploit (including sub-directories)

Also feel free to contact me at pbustamante@malwarebytes.org to troubleshoot this more directly.


You can simply select the entire directory, right-click on it and add it to a ZIP archive. Then just attach the ZIP archive.
